A critical update to Adobe Reader 8.1.2 and Acrobat 8.1.2 has been released to address a remote exploit vulnerability. Version 9 of these products are not vulnerable.
The advisory from Core Security notes that there is a stack buffer overflow when parsing PDF files, and the flaw could be exploited if a user is tricked into opening a rigged PDF file.
The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the “util.printf()” JavaScript function. Successful exploitation of the vulnerability requires that users open a maliciously crafted PDF file thereby allowing attackers to gain access to vulnerable systems and assume the privileges of a user running Acrobat Reader. Adobe Reader version 9, which was released in June 2008, is not vulnerable to the reported problem.
A specifically crafted PDF file that embeds JavaScript code to manipulate the program’s memory allocation pattern and trigger the vulnerability can allow an attacker to execute arbitrary code with the privileges of a user running the Adobe Reader application.
If, for some reason, you can’t upgrade to the latest version, Core says a possible workaround for this vulnerability is to disable JavaScript in Adobe Reader and Acrobat (in the software’s Edit/Preferences menu). Disabling JavaScript will prevent the issue, although it will also prevent many basic Acrobat and Reader workflows from properly functioning.
Leave A Comment